It’s been six months since I last wrote about cyber threats to schools and colleges; I thought that it would be interesting to find out what has changed since then.
In mid-September the NCSC (National Cyber Security Centre) issued an alert to the UK education sector due to the increased number of ransomware attacks on the sector. Ransomware is a malware that prevents users from accessing their data by encrypting it. The criminals that carry out the attack then issue a ransom note demanding payment to release the data.
The NCSC reported at the time that ‘More recently, there has been a trend for cyber criminals to also threaten to release sensitive data stolen from the network during the attack, if the ransom is not paid’.
It’s not just the potential loss of data, but the impact on schools and colleges in terms of time and resources needed to re-enable their critical services.
Three main access points were identified in the alert:
To make their attacks more effective, criminals have also been seen to:
The NCSC recommends that ‘organisations implement a ‘defence in depth’ strategy to defend against malware and ransomware attacks’. Read more on this here.
They also suggest that the following questions should be posed by the governors and school leaders:
This is just an overview of the questions to provoke some thought; for full details of the questions to ask and answers to look for see this link.
In my original blog I noted that in the 2019 School Cyber Security Audit, teachers and support staff did not feel very knowledgeable when it came to cyber security. The survey highlighted an appetite for more staff training. The NCSC have now produced a free e-learning training package. This is easy-to-use and takes less than 30 minutes to complete. The training introduces why cyber security is important and how attacks happen, and then four key areas.
The training can be accessed here.
Arranged in a series of short videos, the training is hosted on the NCSC website and no login is required. The package is free to use, and includes a short quiz at the end, with links to further reading. The training is a good introduction to cyber security issues so I suggest you try the training yourself and then roll it out to staff.
Support for teachers to deliver cyber safety lesson
The insurer Ecclesiastical has produced their own Cyber Ready Toolkit, a lesson plan resource to support teachers in delivering cyber safety to children. The primary outcome for pupils should be an awareness of cyber issues, with the secondary outcome being exposure to new problem-solving techniques (Design Thinking). It will enable students to come up with their own solution to solve cyber safety problems and gain creative confidence because they followed a process that allowed them to be the leaders and decision makers. The documents can be downloaded here.
For further information on this topic, you can read this research paper on Fraud and cybercrime vulnerabilities in Independent Schools by Crowe, KYND and the University of Portsmouth.
If you would like to find out more about cyber security for schools and colleges please contact our education expert, Mark Rose:
Mark Rose Cert CII
[email protected] | 07841 430 237
Posted by mark rose on
4 December 2020 at 12:00 AM
Other education updates, Parents and Pupils, Schools and Colleges
Health and wellness
Home and Contents
Museums and Visitor attractions
Other education updates
Parents and Pupils
Returning to school and mass testing updates
Schools and Colleges
Yachts and Boats
Health and safety
Home and contents
Small business and start ups
Read article >